Privacy Policy and Cookies

Last edition: 01 May 2025

1. BACKGROUND POSITIONS

SCARB (“Website”, “Add-on”, “my”, “our”, “us”) brings you! Since you have now moved to our Privacy and Cookies Policy, please take a short break and carefully read this text.

This Privacy and Cookies Policy (“Policy”) refers to how the SCARB digital product applies – the website provided by https://scarb.co/ and the SCARB mobile app (hereinafter referred to as the “Website/Appendix”), which are administered by LLC “Effiz”.

Our Privacy and Cookies Policy explains how we collect, store, and protect data that is stolen from you as a result of your visit to the Website/Appendix. Vikorist Website/Addendum, You acknowledge that you have read and understood the Privacy Policy and Cookies Policy, and agree to all other provisions.

Since you are not good enough (or you can’t get good enough) with the Minds of Corruption and this Policy, you do not have the right to borrow the Website/Addendum. Be kind, tell us about your misfortune in any way indicated in section 16. CONTACTS this Policy. This Policy applies to all users of the Website/Add-on (both employees who use the mobile add-on and the most important representatives of robot sellers who use the SCARB HR panel).

What a reasonable and reliable setting!

2. VISION

PERSONAL DATA – information and the totality of information about an individual who is identified or can be specifically identified.

COOKIES are small files that are saved on your device (computer or mobile device) when visiting websites or other add-ons.

DATA HOLDER (CONTROLLER) – a physical or legal person who holds personal data (including a third person). For the purposes of this Policy, we act as the Controller of your personal data.

DATA PROCESSOR (PROCESSOR) is a natural or legal person who is the owner of personal data and the law gives the right to process this data in the name of the owner. We can hire third parties as agents to process data on our behalf.

DATA SUBJECT is a physical person, personal data of which is collected. KORISTUVACH is a physical person who is a vikorist Website/Addendum. Koristuvach is the subject of the data.

HR-PANEL is a web interface of the SCARB administrative panel, used for updating important representatives of the employer (HR managers) by reviewing the latest data and analytics for the psychological development of practitioners.

GDPR – General Data Protection Regulation (Regulation (EU) 2016/679), which means it is possible to process personal data of EU/EEP residents.

CCPA – California Consumer Privacy Act, which establishes rules for the processing of personal data of residents of the state of California, USA.

DPA – Data Processing Agreement – an agreement between the controller and processor that regulates the processing of personal data.

SCC – Standard Contractual Clauses – standard clauses approved by the European Commission to ensure adequate protection of personal data during international transfers.

TIA – Transfer Impact Assessment – assesses the risks for personal data when it is transferred to such an extent that it does not provide adequate protection.

3. SEE THE DATA WE COLLECT AND VIKORISTOVUYE

Personal details. While accessing the Website/Addendum, you can provide us with information by which you can be identified or contacted. Before such Personal tributes lie, zokrema, otherwise not inclusive:

  • Identification and contact information: email addresses; phone number; outside the name (nickname, name, according to father); unique regional identifiers (for example, account ID in our system, profile identifier). If you register through third-party services (Apple ID, Google ID, Facebook ID, etc.), we are removed from these services.

  • Profile data: information that you can voluntarily add to your account manager’s profile, such as your borrowers (pronouns), status, date of birth, photo (avatar), family background and number of children, placement and work experience in companies, other demographics and work data.

  • Personal records and types: information that you enter into the addendum at the time of registration (for example, certificates for training, records about moods, favorite activities, settings for other factors, etc.). This data may contain information about your psychological self-esteem and may be related to sensitive personal data. We collect such data solely from your own personal experience , as it is intended to provide you with personal recommendations and support.

  • Other data that you provide: be it information that you fill out yourself or force through the Website/Addendum (for example, when you complete the form before the service support and fill out the form).

Dani koristuvannya. We can also automatically collect song data from your browser or when you use the Website/Appendix ( Cost Data ). Such data does not allow us to directly identify you, but may be considered personal by relating it to other information. Gifts may include:

  • Technical information about your device and connection: IP address of your device, browser type, model and type of your device, operating system, software version.

  • Data from the customer session: pages or sections of the Website/Addendum as you refer to; the hour and the triviality of being on these sites; directions for navigating through our services.

  • I will set up identifiers and notifications: unique identifiers will be added to the device or cloud record (for example, a token for Push notifications), which allows you to receive notifications.

  • Logs and diagnostic data: date and hour of access to the Website/Add-on; pardons and journals, robotic systems; Other technical information is necessary to diagnose problems and ensure safety.

Cookies data. We use Cookies and similar technologies to enhance the functionality of our Website/Appendix and your satisfaction. Cookies are small text files that are processed by our service and saved on your device. Cookies may collect and store information about your use of the Website/Appendix, for example, your preferences or login status.

You can configure your browser so that you are aware of all Cookies or notify you when Cookies are being abused. Please note that if Cookies are enabled, parts of our Website/Appendix may not function correctly or become inaccessible.

Use Cookies as we are victorious:

  • Session Cookies: hourly files that are saved for an hour of working with the site/app and allow you to identify the sequence of your actions. We use session cookies to ensure proper functioning of the Website/Appendix (for example, to save login time for the session).

  • Cookies are useful: they allow you to remember your settings (for example, your choices) to improve your experience the next time you make them.

  • Security Cookies: are used to ensure security - for example, to authenticate users, prevent fraud and protect against unauthorized access.

  • Analytics Cookies: Third-party Cookies (for example, Google Analytics) that help us collect statistical data about the website and understand how users interact with our product. This information allows us to analyze traffic and improve the service. (More details about analytics in section 11. ANALYTICS below).

Note about third-party cookies: These cookies may be set by third-party services that work with them (for example, Google). We are not responsible for the Cookies policies of third party sites and recommend that you read their privacy policies (Section 13. CONTENTS ON THIRD PARTY WEBSITES OSIB ).

4. VICORISTAN DATA

SCARB collects data for a variety of purposes, for:

  • The service and function of the product. We collect your data to ensure the smooth operation of the Website/Add-on and all its functions, including the creation and support of your account account, login, access to the mobile add-on and HR panel.

  • Personalization of your information. Personal and psychological data are analyzed to formulate individual recommendations, programs for the development and “path” to improve mental health. To put it simply, we will provide you with information (moods, similarities, data about work, etc.) in order to present you with the content and for the sake of the most relevant for your needs and needs.

  • Communications with you. Contact information (email, phone number) is collected for authentication, access renewal (for example, password reset), and also for contacting you with administrative services. We can provide you with notifications about updates to the supplement, important changes in minds and policies, advice on the right product (for example, push notifications about replenishment of food preparation), responses to your requests before service some encouragement.

  • Monitoring and supporting your psychological health. Data about your mood and psychological state are analyzed to improve the dynamics of your well-being and provide you with relevant recommendations and content support. For example, our algorithms can detect low mood and give you special advice to relieve stress or refer you to a specialist.

  • Creation of advanced analytics for robot sellers. If you use SCARB as part of an enterprise program (through your vendor), we can use your data (both in an individual and aggregated form) to produce reports and analytics for the global market. the well-being of the health workers of the company. This helps managers and HR departments to immediately identify trends (for example, increasing stress in the department) and implement approaches to brighten the minds of the work. Please note: as a rule, such calls do not contain your special data, which directly identify you, for the reason of the fallout, if you have been given a strong weather or if it is necessary for the term reaction (section 12. ADDITIONS REGULATIONS FOR HR MANAGERS ).

  • Information about the change. We collect your data (contact form) to inform you about changes to our Website/Appendix, its functions, and its Policy.

  • Give some support. Your data can be used by our team to support the most advanced technical and nutritional products that you are interested in. For example, the history of your actions or diagnostic logs will help us understand the cause of the problem.

  • Analysis and improvement of service. We analyze collected data (including data from testing, test results, test results) in order to improve and personalize SCARB. This allows us to optimize the operation of essential functions, develop new tools that meet the needs of customer service providers, improve the interface, and further improve the customer experience.

  • Monitoring of vikoristannya and security. This data helps us monitor activity on the Website/Add-on, identify abnormal behavior or potentially disruptive actions. We collect this information in order to maintain reliable and stable operation of the service, prevent unauthorized access, identify and deal with technical problems or information incidents be safe.

  • Vikonanny sought legislation for other legitimate purposes. We can collect your data to complete our legal duties (for example, maintaining accounting records or providing information to law enforcement agencies). Data may also be used to protect our rights and interests in the event of disputes (for example, saving logs for incident investigation).

  • There are other goals that you have given this year. We plan to use your personal data for any additional purposes not covered by this Policy, and we will definitely request your prior notice.

We collect your personal data on legal platforms , subject to proper data protection legislation. Depending on the specific situation, various transactions with the data may be carried out on the basis of your year, the need for a contract (the assignment of services to you in accordance with the law), the contract our legal requirements, as well as on the basis of our legitimate interests (for example, maintaining the safety and integrity of the service). If you would like to obtain more information about the legal framework for processing specific categories of data, please refer to the contacts provided in section 16. CONTACTS .

5. SAVING DATA

We save your personal data only for as long as is necessary to achieve the purposes of this Policy, unless otherwise required by law. This means that your information will be protected as long as you use our Website/Appendix and have an active account, as well as for a reasonable period after deactivating the account (for example, to establish legal goiter or the height of possible disputes).

Saving lines can be stored in the data type:

  • Personal data about your profile and cloud record are saved throughout the entire period of your use of the service. If you wish to delete the cloud record, we will see or anonymize such data, in addition to those that are required to be protected by law or to protect our legitimate interests.

  • Data collection (technical logs, analytics) is saved for a short period sufficient for internal analysis. Such data may be retained only in cases where it is necessary to enhance the security of the Website/Appendix, improve functionality, or where we are required to save it in accordance with the law. For example, security logs can be kept longer for incident investigation.

  • Sensitive information about the psychological state is saved throughout the line of your personal account, as much as possible is necessary to provide you with services to support mental health. You can at any time see or edit such data through the addendum; You also have the right to take advantage of their views by contacting us (div. section 9. YOUR RIGHTS ).

After the need to process your data from the pad, or after deleting the stored data, we can delete or anonymize personal data. Anonymization means that all identifying elements will be permanently deleted and the data will no longer be associated with you.

Please note that deleting your data from our backups and archives may take an additional hour. We can also save minimally necessary information after deleting the cloud record, which is necessary to resolve our legal issues, resolve disputes, or ensure the protection of our interests. (for example, saving information about the year or history of the animal before support service).

6. TRANSFER AND INTERNATIONAL DATA MOVEMENT

The main server requirements for storing and processing collected data are located on the territory of Ukraine. At the same time, inspecting the global architecture of our infrastructure (and the dark services of the Digital Ocean company from points of presence in different regions - the USA, Europe, Asia, Australia, Canada), your data may be transferred, stored or transferred outside the country or jurisdiction of your residence. This means that in some cases, your personal data may be accessed on servers located in other countries, where the data security laws may differ from the laws of your jurisdiction.

We are aware of the risks associated with international data transfer and take necessary steps to ensure the proper security of your information, regardless of where it is processed. . Zokrema:

  • We transfer personal data of clients from the European Union or the European Economic Area to the extent that they are not known to provide adequate protection to the country (for example, to the USA), we are committed to Chapter V GDPR. This means that we will rely on the Standard Contract Clause (SCC) , approved by the European Commission, and/or other legal mechanisms, transferring the GDPR, to legitimize such transfer. We also conduct ongoing assessments (TIAs) for important international transfers - we analyze whether the laws of the importing country affect the effectiveness of the SCC, and the need for additional security measures. Where necessary, we implement additional technical and organizational measures (for example, data encryption) to ensure that the security of your data is equivalent to that required by EU law.

  • Since we transfer the data of residents of Ukraine outside Ukraine, we are subject to the Law of Ukraine “On the Protection of Personal Data” through transcordon transfer, so we are converting, so that the country’s powers will be ensured adequate protection of personal data or the necessary agreements regarding the protection of data from the owner.

  • In all cases, we transfer your personal data abroad only : (a) as necessary to provide you with our services (confirmation of the agreement between you and us); (b) or at your discretion; (c) because such transfer is required by law or other statutory order.

Your use of the Website/Appendix and the provision of information to us shall be deemed to be subject to such international transfer, saving and processing of data (in such cases as required by law). We guarantee that regardless of the place of processing, your personal data will be subject to the security procedures described in this Policy. If you require additional information about the mechanisms for the international transfer of your data, please contact the contacts provided in section 16. CONTACTS .

7. ROZKRITTYA DATA (TRANSFER TO THIRD PERSONS)

We do not sell or transfer your personal data to third parties, other than as expressly provided in this Policy or by law . In certain situations, we may need to reveal (transfer) your tributes to the enclosed stake of possessors. These types of attacks are:

  • Vikonannya required the law to respond to legal issues. We can disclose your data, as we respect in good faith, which is not necessary for the prosecution of the law. This includes situations where the most appropriate legal request is made to government authorities , courts or law enforcement agencies (for example, a subpoena, a court decision or other legal request). We can also disclose information that is necessary to protect our legal rights, heighten disputes, or protect the shahraist.

  • Our companions and affiliated individuals. Access to personal data is limited to those employees and contractors of LLC “Effiz”, for whom this information is necessary for their work (for example, technicians in the technical department, support services, analysts). All of them are required to comply with this policy. Politicians have signed a separate agreement about non-disclosure.

  • Post-officers of servants (third individuals-obrobniks). We may transfer your data to third parties whom we may request to provide us with additional services and process data on our behalf. These can be:

    • Data center services and hosting providers: for hosting infrastructure and saving data (for example, our data center provider Digital Ocean).

    • Notification and distribution services: for sending emails, SMS or push notifications (for example, email services, Apple/Google push notification services).

    • Analytical platforms: how they support and analyze our Website/Appendix (for example, Google Analytics, section 11. ANALYTICS ).

    • Payment services: (where payments are made by merchants) for processing transactions and setting up accounts.

    • Other IT solution providers and support: which help us in the development and service of the product (for example, services for power supply management, robot monitoring services, etc.).

  • Such parties act as processors (processors) on our behalf. They deny access only to such data as is necessary for the completion of their specific tasks, and agree to not disclose or misrepresent data for any other purposes. We enter into an agreement (for example, a DPA) with each such customer for the processing of data, which complies with the law on data protection.

  • Your robot seller (corporate client). If you are registered with SCARB as a corporate license provider, we can provide detailed information about your company's employment opportunities to the employer's senior representatives (HR managers). As a rule, this is aggregated and non-separate data that does not directly identify you (for example, the final level of stress according to the section, hundreds of active members, such as those who form a team). We adhere to the principle of anonymity in order to prevent the visibility of information about a specific person from such reviews (for example, we set the minimum number of participants in the selection for forming metrics). Important: personal data about your health or behavior is not transferred to the robot seller without your consent , except for critical events, if such transfer is in your interests (for more details, see section 12. ADDITIONS REGULATIONS FOR HR MANAGERS ).

  • Potential transactions are angry and degraded. In times when our business will take part in a business transaction (distribution, investment, sale of assets or receipt of investment), personal data of investors may become part of the transfer of assets. In such a situation, we: (a) guarantee that any potential buyer or infringer of claims will comply with the provisions of this Policy and the relevant legislation regarding personal data; (b) we will promptly notify you (for example, by e-mail or by publicity on the site) about the change in control over your personal data and about the choices you can make with them.

  • For your direct message or good fortune. We can transfer your personal data to third parties for your request or for your benefit. For example, if you want to quickly provide additional services that convey the role of an external psychologist or coach, and give time for the transfer of important information to them, we will conclude that such transfer is necessary in the minds that you will be talking about informed. If you ask us to provide a copy of your data to another recipient of psychological support services, we will obtain it after proper authentication and confirmation of your request.

In all cases of data disclosure, we adhere to the principle of minimal sufficiency: we provide third parties with only the information that is really necessary for a particular purpose. We do not share your personal data with any unreliable or irreplaceable influencers.

8. DATA SECURITY

We respect the security of your personal data. To protect information from unauthorized access, change or destruction, we have implemented a set of technical and organizational security measures, ranging from the most rigorous Galouze practices. Zokrema:

  • Data encryption. All data transmitted between your device and our server is protected by an encryption protocol using TLS (Transport Layer Security) version 1.2 or higher. This means that when you enter information on the site, it is transmitted encrypted and cannot be read by third parties during transmission. Confidential data that we save may also be encrypted in a database or file storage (for example, we use reliable encryption algorithms for saving backup copies).

  • Protect cloud records. Your password is saved in our system in a hashed form - so we do not save the password itself, but rather its cryptographic bit (hash), created by a strong algorithm. This protects your password from the entire database. We strongly recommend that you choose a unique, reliable password and protect its confidentiality. For particularly sensitive accounts (for example, HR managers), we offer two-factor authentication (MFA) - an additional security measure that requires confirmation of login using another factor (for example, a one-time code on the phone). We can also support login via SSO (Single Sign-On) with corporate cloud records, which are configured by the robot provider, which ensures centralized access control.

  • Limited access and training for staff. Internal access to the personal data of clients is based on the principle of “the bare minimum”: a specialist of LLC “Effiz” can obtain only the information that is necessary for you to sign up for services obov'yazkiv. In addition, all our workers undergo regular training in information security and data protection. We provide role-based access and secure authentication methods (including MFA) for security personnel to access critical systems.

  • Rozrobka and testing are safe. We adhere to the Privacy by Design concept and ensure the safety and security of privacy at all stages of SCARB development. Our development process includes regular security testing: static and dynamic code analysis, pentesting of supplements by independent contractors, checking for the presence of spills. Potential safety issues identified are promptly addressed in accordance with the spill management policy.

  • Infrastructure protection. Our servers are located in secure data centers that are certified to international security standards (for example, ISO 27001, SOC 2). We maintain current border security features (cross border screens, intrusion detection systems), and also regularly update the server security software to eliminate potential spillages. Continuous monitoring of this security is carried out. Backup copies of data are automatically created and stored in an encrypted format to avoid wasting information.

  • Control of third-party data collectors. When we rely on third-party providers to process data (such as data services or analytics), we make sure that high security standards are met. We verify our certifications (for example, SOC 2, ISO 27001) and include them in the agreement to ensure confidentiality and data security.

While we want to do everything we can to protect your data, it is important to understand that the usual method of transmitting data over the Internet and the method of electronic storage is not 100% secure . This means that, regardless of our commitment, we cannot guarantee the absolute security of the information. If, no matter what happens in your life, there is a turn or an incident with your data, we will inform you (subject to the law) and do everything possible to minimize negative consequences.

We also urge you to follow steps to protect your data: keep track of your data in the cloud data vault, use complex passwords, and do not transmit information, the disclosure of which could cause you significant harm, through unprotected channels. If you suspect that your account record has been compromised, or if you have noticed any security issue or problem on our Website/Appendix, please notify us (Section 16. CONTACTS ).

9. YOUR RIGHTS

We are committed to providing you with greater control over your personal data. As you are a resident of Ukraine, we guarantee the implementation of the rights of the data subject transferred by the Law of Ukraine “On the Protection of Personal Data”. If you are located in the territory of the European Union or the European Economic Area (EU/EEA), you also have rights under the Global Data Protection Regulation (GDPR). Below is a description of your basic rights regarding personal data that you can access quickly:

  • Right of access – You have the right to request confirmation from us that we have processed your personal data, and also to obtain a copy of all personal data we hold about you (in a structured, machine-readable format). This allows you to find out what we ourselves know, with what method they are processed and to whom the stench was revealed.

  • The right to correction – if any personal data we collect is inaccurate or incorrect, you have the right to have it corrected or clarified. You can also edit most of your data yourself by signing up for your profile setup.

  • Right to erasure (right to be forgotten) – You have the right to ask us to delete your personal data, and we will do so if: the data is no longer needed for the purposes for which it was collected; You have taken your opportunity and there is no longer any other legal basis for processing; You will be lined and sealed against the cuttings; tribute was collected illegally; or as a matter of fact, it is necessary for the vikonanny of a legal duty. Restore respect: this right is not absolute - in some cases we can save certain information that is necessary (for example, for the prosecution of a legal challenge or defense in court).

  • Right to object to processing – You have the right to object to the processing of your personal data at any time , as long as such processing is based on our legitimate interests or for direct marketing purposes. Once registered, we accept the processing of your data, in addition to data, if it is possible to demonstrate that there are legitimate grounds for processing that respect your interests, rights and freedoms, or for establishing, validating zakhistu legal vimog.

  • The right to processing - You have the right to obtain time-to-hour processing of your data in certain cases, for example: if you discredit the accuracy of the data (for the period that allows us to verify its accuracy); if the payment is illegal, you don’t want to see the tribute; if we no longer need the data, but you will need it for the establishment and protection of legal rights; or if you find a solution, it’s good for you to guard against processing. During the exchange period, we will no longer be able to save such data and will not perform any other operations with them (except for saving, because your benefit is required, or to protect the rights of other people, or important substituting suspenseful interest).

  • Right to Data Portability – You have the right to withdraw your personal data that you have provided to us in a structured, commonly used and machine-readable format, as well as the right to transfer this data to another controller (or, if technically possible, to have it transferred to us). directly to another controller) without any wrongdoing on our side. This right is asserted if: the processing is carried out automatically and on your behalf or on the basis of a contract.

  • The right to withdraw your consent – in cases where the processing of your personal data is based on your year, you have the right to withdraw your request at any time . The call now does not affect the legality of the procedure that was in place before the call. If you agree, we can continue to process your personal data except for other obvious legal reasons (such as those). Please note that clicking on the processing of sensitive data (for example, data about moods) may prevent you from using SCARB song functions, and without this data we will not be able to provide you with a relevant service.

In order to quickly obtain any of the listed rights, you can contact us at any time - just send your contact information to our email address or postal address specified in section 16. CONTACTS . For certain requests (for example, requests for access or remote access), we can also provide you with a manual tool through your account record or a special form.

Verification of an individual: in order to exercise your rights, we may have to verify your identity in order to confirm that you are the subject of the personal data. This prevents unauthorized access to your information along with other people. For example, we may ask you to register with the same email address associated with your SCARB account, or to provide additional information for confirmation.

We are reporting to everyone in order to respond to your request within 30 days from the date of your cancellation. This line can be extended for another 30 days in case of difficulty or a large number of one-hour requests - in this case we will inform you about the extension and reasons for the delay.

Vidmova from the Vikonanny will ask: in some cases we can legally ask the Vikon to ask for your question (in general or in part). This will become unnecessary if the corresponding question is groundless or supernatural (for example, it is repeated for no real reason) or because we may have the right to edit the question according to the law. Once we see it, we will clearly explain to you the reason for this and let us know about the possibility of disgrace.

You also have the right to submit your claim to the competent authority for data protection . If you are in Ukraine, such a body is the Supreme Council of Ukraine for Human Rights (Ombudsman) or another body established by law. If you are in the EU/EEZ, you can complain about your money to the national body for the protection of the data of your country or the country where the place is destroyed. Contact details of national authorities are available on the official website of the European Commission or by contacting: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in California, you may be entitled to rights under the CCPA (Section 10. RIGHTS OF CALIFORNIA RESIDENTS below).

We will be careful that before regulators you give us a chance to resolve the problem head-on. In the future, you can immediately write to us about your anxiety, and we will try to promptly supply food to your satisfaction.

10. CALIFORNIA RESIDENTS' RIGHTS (CCPA)

If you reside in the State of California (USA), you are subject to the provisions of the California Consumer Privacy Act (CCPA) and related regulations. We are required to comply with the CCPA when collecting personal information from California residents. Zokrema, You have the right to use your data:

  • Right to Know: You can ask us what categories of personal information about you we have collected, in what ways, by what method, and what categories of third parties have collected your data (such as boules). You also have the right to obtain a copy of specific pieces of personal data that we have collected about you in a specified format.

  • Right to Delete: You have the right to request that we delete any of your personal information that we have collected from you and save, and we are required to avoid such a request, unless Savings are necessary for: completing a transaction or running a service; detection and protection of illegal activities; dotrimannya legal goiter; implementation of legal rights (eg freedom of speech); internal vikoristannya between the context of your contacts with us too (a new addition to the blame for guidance from the CCPA). We will inform you that your request is subject to certain guilt.

  • Right to Opt-Out of Sale: The CCPA gives you the right to opt-out of sale of your personal information to third parties. We do not allow the sale of personal data for a penny or another price to the city (as the term “sales” is used by the CCPA). We also do not share your personal data with third parties for the purposes of targeted advertising outside of our service (which could be considered “sale” or “share” due to certain privacy laws). Thus, the option for sale does not actually stop until our activity - as a result, we do not sell anything. As this practice changes, we will update this Policy and give you the option of Opt-Out (for example, through the “Do Not Sell or Share My Personal Information” message on our website).

  • Right to Non-Discrimination: We will not discriminate against you on a daily basis (inform you from employees, give more harshness to the service, charge a different price or tariff, etc.) through those who have claimed their privacy rights guaranteed by the CCPA. The implementation of your rights is not dependent on the service that you take away from us, except for these problems, if the processing of data makes it difficult to provide this functionality (in this case, we will inform you about tse).

To quickly obtain your rights under the CCPA, or your trusted representative, you can send us a verification request (section 16. CONTACTS for communication methods). To verify your identity when the entry is removed, we can ask you to provide additional information (using the method of reconverting, so that you yourself are the owner of the data). Ask your authorized representative to provide additional confirmation (for example, a notarized power of attorney or other document that confirms the right to act in your name).

Because you have rights under the CCPA or because we handle personal information for California residents, please contact us for contact information in Section 16. CONTACT US . We have prepared this Policy in accordance with the CCPA, and the parts related to the categories of collected data, the purposes of data transfer, transferred to third parties, and also satisfy the requirements of the CCPA.

11. THIRD PROCESSORS

To ensure the operation of our service, we may engage third party companies and others who process your personal data on our behalf ( third party processors or processing subcontractors ). It is important to make it easier for us to provide our Services and perform the singing functions (as described in section 7. DESCRIPTION OF THE DATA ).

Such third parties deny access to your personal data, including for the purpose of fulfilling specific tasks that we set before them, and are required not to speak out or misrepresent this data for any other purposes. In other words, our postal service providers cannot independently determine how to process your data - they only act within the framework of our instructions and agreements with us.

We carefully select partners whom we trust to process data, and establish data protection agreements (DPA) with them . In these areas, a number of requirements for confidentiality and security have been established. Zokrema, our processors are required to take the necessary technical and organizational steps to protect personal data, promptly notify us about security incidents, and help us respond to requests. subjects of these data too.

Applications of categories of third-party processors that we can obtain: dark platforms (for hosting), email and SMS services, analytics services, performance monitoring services, payment providers, Cybersecurity consulting firms, too. All of them fall under these agreements and control from our side.

We do not grant the right to a hardware processor to receive sub-processors without our approval . If any of our postal leaders would like to obtain additional support for assistance in processing your data, we are obliged to first reject our benefit and impose the same strict obligations on the sub-processor in order to protect the data.

List of the main third-party services that we use on Vikorist:

  • Bad infrastructure: Digital Ocean, server hosting (potential production locations: USA, EU etc.).

  • Analytics: Google Analytics (section 11. ANALYTICS below).

  • Information: Apple Push Notification services (APNs), Firebase Cloud Messaging for pushing push notifications; SendGrid service or similar for email enhancement.

  • Productivity monitoring: basic Digital Ocean logging tools, possibly Sentry or similar services for tracking payments (you will be further informed about this in the policy, as such services transmit data).

(This may result in changes to the development of our product; we are updating our Policy as we continue to introduce new categories of processors).

We repeat: Your data is forfeited under our jurisdiction if it is collected by third parties. We monitor and are responsible for ensuring that the processors we obtain adhere to privacy standards that are least consistent with the standards of this Policy.

12. ANALYTICS

We may use third-party services for monitoring, collecting and analyzing statistical data about the website/Add-on. Such analytics help us better understand the behavior of customers, evaluate the popularity of song functions and improve the product.

Google Analytics. One of the main analytical tools we use is Google Analytics, a web analytics service provided by Google. Google Analytics collects information about the behavior and activity of customers on our Website/Appendix through the use of Cookies and similar technologies.

Collected data (for example, data about your device, page details, session duration, geographical distribution in different places, as available) is transmitted to Google servers in a separate manner. Google collects this data to evaluate the content of our Website/Addendum and generate feedback for us. The reviews that we see from Google do not contain information that allows you to be directly identified - they are of an aggregative nature (for example, the number of registered clients during the current period, the middle hour of re-visiting the page).

Google may use collected data from Google Analytics to enhance its products and services and to personalize advertising across its advertising network. For example, information about your activities can be linked to what you get when you search on Google or YouTube. Important: We do not share any sensitive personal data (such as your entries or any information that identifies you by name) with Google Analytics. Google Analytics removes non-technical and non-specific information about the search engine.

A report on Google's privacy practices You can refer to Google's Privacy Policy: https://policies.google.com/privacy?hl=uk. It is also a good idea to familiarize yourself with the information about how Google collects copyright data if you use sites and supplements of their partners: https://policies.google.com/technologies/partner-sites.

How to view Google Analytics: If you do not want Google Analytics to track your activity on our Website/Appendix, you have several options. First, you can turn on saving cookies in your browser (section 3. Cookie data ), but you can also add other functions. In another way, Google is introducing a special Widmov module - Google Analytics Opt-out Browser Add-on , which you can install in your browser (available at: https://tools.google.com/dlpage/gaoptout). This tool does not allow Google Analytics JavaScript (ga.js, analytics.js, and dc.js) to share information with Google Analytics about advertising activity. On mobile devices, you can also select the option “Limit Ad Tracking” (for iOS) or “Opt out of Ads Personalization” (for Android) in your phone’s privacy settings - this will change the collection of data for advertising and analytical purposes.

Other analytical tools. At the time this Policy is updated, we do not use any other third party analytics services other than Google Analytics. Since we are likely to add a new analytics and tracking tool in the near future, we are obligated to update this Policy and (for the needs) of your year, as such a tool collects personal data between the descriptions here goals.

13. ADDITIONAL REGULATIONS FOR HR MANAGERS AND CORPORATE CLIENTS

SCARB is a unique platform that serves two categories of clients: (1) health professionals who use a mobile device for self-monitoring and improvement of their mental health; and (2) robots/HR-managers , as a vikoryst analytical panel for identifying the manifestations of the team’s burning camp and managing the well-being program. This section describes how the principles of confidentiality are established in a corporate context and what obligations the parties face.

Roles of parties in data processing. When SCARB is installed in the corporate environment, a Data Processor acts as a data processor for the personal data of employees, which is collected through an addendum, in which case the robot seller (client company) acts controller (Data Controller) of such data. This means that the hiring company aims to collect data (improving the self-esteem of workers, analytics for HR, etc.), and our work is inclusively consistent with these inserts, hopefully technical service for data processing. However, for certain aspects (for example, product improvement, behind-the-scenes analytics) we can act as an independent controller - in this case we continue to adhere to all guarantees described in this Policy.

Please about data processing (DPA). For every corporate client (worker), we are responsible for the processing of data , which regulates our obligations as processors and ensures the compliance with Article 28 of the GDPR (as a matter of fact). This is to ensure compliance with the provisions on confidentiality, security issues, the procedure for providing assistance to the controller when requesting data from subjects and reporting incidents, etc. In other words, the DPA guarantees that the personal data of your company's spies will be processed by us strictly within the framework of our instructions and with due care. Upon request, we are ready to provide you with a copy of the standard DPA for your reference.

Data available to the robot seller. As a standard, HR managers and other employees who have access to the SCARB panel receive only aggregated, non-separate information about the team. For example: the average rate of enrollment in the program (about hundreds of healthcare workers who are actively seeking additional benefits), the average well-being index for the company and children, the main factors of stress based on training, etc. We define an “anonymity threshold” – a minimum number of participants for generating group data (usually at least 5-10 people in a group), in order to disable the ability to guess about a specific person. In this way, the confidentiality of the individual results of the skin test is ensured.

Personal alerts. In some cases, the meta service - preventive support for healthcare workers - can help transfer information about a specific worker to the robot seller. For example, if the system detects that the attitude of a singing worker is critically depressed (an acute sign of burnout, a low mood during the last hour, etc.), SCARB can formulate notifications for HR with a recommendation to carry out Contact your health professional individually or ask for help. Such notifications include special data (name or unique identifier of the employee) - without which it is impossible to provide targeted information. We would like to remind you that such functionality is activated only for the following reasons: (a) your obvious benefit (the doctor himself is aware of the possibility of such information during registration or in setting up privacy); (b) because such exchange of data directly transfers the contract between us and the employer, and complies with the labor policies of the company and the law. At any time, such data is passed on to a selected group of people (for example, an HR manager or a corporate psychologist) in order to preserve their confidentiality.

Obligations of a robot seller. The client company that provides SCARB for its employees is responsible for properly informing employees and removing unnecessary fees (if necessary) for processing. Your personal data within this platform. The employer is responsible for making employees aware of this Policy and the government's internal policies for welfare support programs (such as such). In addition, the robot seller of the requests to collect data, collected through SCARB, is also intended to promote the availability of healthcare workers and improve the efficiency of the work environment , and not for punitive people. discriminatory approaches. Any attempt to use information from SCARB to make negative disciplinary decisions without the consent of the police officer may be seen as a violation of trust and data security laws.

Confidentiality on par with HR. Individuals who have access to the SCARB HR Panel are required to adhere to the privacy principles as strictly as we do. This means that HR managers are prohibited from disclosing any information received through the platform to other security specialists and third parties, except for cases of official necessity and, therefore, internal company policies. For example, if HR rejects anonymized reports about stress in a family, you can discuss hidden issues with the cerevist, but you are not guilty of trying to identify other people or discuss concerns about specific practitioners publicly. Since HR has specifically rejected notifications about a particular employee, this information may be handled sensitively and confidentially, it is recommended that you first contact the employee directly or a corporate psychologist, rather than disseminating this information more broadly.

Limited access. We give every corporate client the ability to independently access the HR panel (see logins for personal accounts, assign roles with different rights and review data). The company is required to maintain an up-to-date list of individuals who have such access, and to ensure that access is requested whenever the current service provider is no longer up-to-date (for example, when calling or transferring to another Posad). We recommend that you secure HR accounts with two-factor authentication and do not use multiple logins for many people - this will increase security and audit access.

Responsibility for maintaining confidentiality. If the employer or his representative (HR) violates the requirements for confidentiality of the data of the employees (for example, transfer the data to third parties without permission, or the vikory data is not recognized), Responsibility for such damage falls on the worker as a controller. We, on our part, are prepared to accept the investigation of the incident and provide all necessary information to maintain confidentiality and trust.

It is clear: customer privacy is our top priority , and this applies to both individual practitioners and corporate clients. We operate SCARB in such a way as to bring value to both workers (improving their well-being) and workers (providing tools for team work), without violating ethical and legal privacy standards. If you, like a representative of a robot seller, or like a spivrobitnik, have a wine, be it a food item, or vykoristannya data from SCARB - please, contact us for clarification (contacts - in section 16. CONTACTS ).

14. POSTING ON THE WEBSITE OF THE THIRD OSIB

Our Website/Appendix may be linked to third party websites or services that are not maintained by us. For example, a section of resources may have a post sent to an article on an external site, or in the add-on interface it can be sent to a partner’s platform.

Please note that we have no control over the privacy policies and practices of third party websites . If you go to a third-party site to receive instructions, our Policy no longer applies to you. By visiting a third-party resource, you are subject to the privacy policy of that resource.

We are not responsible for the content and activities of such third party websites. The presence of a message does not mean our praise or guarantee of the safety of that resource. You know and hope that SCARB (TOV “Effiz”) does not bear direct or indirect responsibility for any harm or waste caused by the abuse of any such third-party content, goods or services available on third-party websites.

We recommend that when accessing third-party resources, you should always be aware of their privacy policies and be careful to understand how they collect and abuse information about you. If you have lost your food or are in doubt about a third-party site, please contact the administrators of that site directly.

15. VICORISTAN SERVICE

Our Website/Appendix is intended only for those who have reached the 14th century . We know that we do not collect personal data from children under 14 years of age without their parents or legal guardians.

By virtue of SCARB, you represent and warrant that you have received at least 14 years of service and that you are fully responsible for the civil service and are responsible for the recruitment of such minds and service. If you have not yet reached the age of 14, or if you do not have sufficient competence to provide such services, you are prohibited from using our Website/Appendix. In such a time, please, it’s a good idea to use the service.

We understand that a person under 14 years of age has provided us with her personal data without express permission, so we are promptly logged in to delete this information. Fathers or guardians who have discovered that their child (up to 14 years of age) has registered with our supplement can contact us (via the contacts below) and we will help you to remove additional information.

For merchants from 14 to 18 years of age: take into account that the renewal of the legislation of Ukraine comes from 18 years, we understand that non-agenarians of the age of 14-17 rocks) denied the fathers' participation in the corporate welfare program (as a matter of fact) and informed the fathers about the SCARB initiative. However, we do not rely on this letter from Fatherland, since Ukrainian legislation allows individuals over 14 years of age to independently process their personal data at any time. We interpret your acceptance of this Policy and use of the service as a confirmation of the fact that you are of the utmost importance (including for consumption - for the benefit of your father and employer) for the benefit of the employer SCARB.

16. CHANGE BEFORE POLITICS

We reserve the right to make changes from time to time prior to this Policy. Our data processing practices and practices may change as new features become available, legislation changes, or our security procedures are streamlined. Therefore, we may periodically update the text of the Policy to reflect the changes.

As we are notified of changes: whenever we make any changes, we publish a new version of the Policy on this page, with an updated “Revised Edition” date on the top of the document. If you make any changes, we will be notified in detail - for example, through a banner on our website or notifications in the mobile app. In cases where changes may actually affect your rights or the method of correcting your data, we can also send you an individual notification by email (to the address listed in your business record) from description of changes

We recommend that you review this Policy periodically to ensure that you are always aware of the current version. Your continued activity or use of the Website/Addendum after changes have been made means that you accept and agree to the updated Policy.

If you do not agree with any changes in the Policy, you are guilty of corruption of SCARB and you can contact us to delete your personal data.

17. CONTACTS

We open your feeds, comments and queries to our Data Processing Policies and Practices. If you don’t understand, you want to quickly exercise your rights assigned to section 9 , or you have a proposal to reduce your privacy – contact us in one of the following ways:

  • Email: privacy@scarb.co

  • Phone: +380 93 755 8930.

  • Postal address: 03066, Ukraine, metro Kiev, st. Zhuravlina, bud. 4, apt. 21 (TOV “Effiz”).

Our representative at the Data Protection Office (DPO) will review your submission and provide a confirmation within a reasonable period of time (do not exceed 30 days). We appreciate your concern for privacy and are ready to help ensure visibility and control over your data in the face of SCARB compliance.